06-09-2009 10:55 AM
Hi, all,
We have a lot of employees working from home, for those people, we
send them the small 851Ws configured as an ezvpn client working at NEM
mode, those C851Ws will get private DHCP address from employee's home
router (Linksys, Dlink, Airport, what have you). Since most home
routers' default internal IP address is 192.168.0.0 and our corp
internal IP address is 10.0.0.0, the solution worked perfectly.
Now there is one employee whose home router's default internal IP
address is also 10.0.0.0, the IPsec tunnel came up fine, but computers
behind C851W are painfully slow to access corp servers, I believe the
root cause is that when traffic destined to corp 10.0.0.0 address
reaches C851W, the traffic is not directly sent to IPsec tunnel,
instead, C851W tries to route it locally.
Is there any way we can force traffic with destination 10.0.0.0 to go
to IPsec tunnel automatically?
Thanks,
06-10-2009 07:23 AM
I believe you would need to look at the mask. Is the corp a /8 network? If so, then you will always have painful issues; however, if the mask is specific then both networks should be completely different.
06-10-2009 07:29 AM
Yes, split-tunnel is pushing /8 to ezvpn clients, it is easier to manage with /8 mask as new networks are constantly being added to corp network.
06-10-2009 07:33 AM
Well, for instance, remember that connected networks always have an Administrative Distance of 0, so anything directly connected will be preferred all the time. As I can see, the only way to fix this would be to change the subnet on the local router. Now, this problem should also only be seen for networks or servers that overlap with the local network on the remote router. If the router also has a /8 then this of course will fail, but if it is a /24 or more specific it should not be a major issue for local hosts on the remote site, but it will be for hosts on the corp site if they all have a /8 net.
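The route-selection reasoning in the reply above, as an added example that is not part of the original thread: a simplified routing-table model (longest prefix match, then administrative distance) showing which corp destinations a connected home LAN takes away from a 10.0.0.0/8 split tunnel. The home LAN masks, host addresses, route labels and the tunnel route's distance are constructed assumptions; the model covers route selection only, not EzVPN itself.

```python
import ipaddress

CONNECTED_AD = 0  # administrative distance of a directly connected network
TUNNEL_AD = 1     # assumption: any value above 0 gives the same outcome


def build_table(local_lan, split_tunnel_prefixes):
    """Route list: the connected home LAN plus each split-tunnel prefix."""
    lan = ipaddress.ip_network(local_lan, strict=False)
    table = [(lan, CONNECTED_AD, "local-lan")]
    for prefix in split_tunnel_prefixes:
        table.append((ipaddress.ip_network(prefix), TUNNEL_AD, "ipsec-tunnel"))
    return table


def lookup(table, dest):
    """Pick the longest matching prefix; on a tie the lowest distance wins."""
    addr = ipaddress.ip_address(dest)
    matches = [route for route in table if addr in route[0]]
    if not matches:
        return "default-route"  # split tunnel: non-corp traffic goes direct
    best = min(matches, key=lambda r: (-r[0].prefixlen, r[1]))
    return best[2]


def shadowed(local_lan, split_tunnel_prefixes):
    """Corp address space that the connected LAN wins over the tunnel."""
    lan = ipaddress.ip_network(local_lan, strict=False)
    lost = []
    for prefix in split_tunnel_prefixes:
        tunnel = ipaddress.ip_network(prefix)
        # The LAN wins when it is as specific as, or more specific than,
        # the tunnel prefix it overlaps.
        if lan.overlaps(tunnel) and lan.prefixlen >= tunnel.prefixlen:
            lost.append(lan)
    return lost


if __name__ == "__main__":
    corp = ["10.0.0.0/8"]  # split-tunnel prefix from the thread
    for home in ("192.168.0.0/24", "10.0.0.0/24", "10.0.0.0/8"):  # constructed
        table = build_table(home, corp)
        print(home, "->", lookup(table, "10.20.30.40"),
              "| shadowed:", [str(n) for n in shadowed(home, corp)])
```
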